The company says that the vulnerability is being exploited in targeted attacks in the wild via a Flash object embedded in a Microsoft Word document. If this sounds familiar it should; it's quite similar to another Flash 0-day from several weeks ago which was embedded in an Excel file and used to attack RSA.

Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris

Adobe Flash Player 10.2.154.25 and earlier for Chrome users

Adobe Flash Player 10.2.156.12 and earlier for Android

The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

Note: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are NOT affected by this issue.

Note also that there are no reports of attacks against Reader or Acrobat and that none were reported for the last similar attack. And Reader X for Windows's sandbox severely limits the potential for mischief that any exploit could effect.

Adobe credits the find to Mila Parkour (http://contagiodump.blogspot.com). His entry on the issue has much more information about the file and the e-mail in which it comes.